On 23/08/11 00:03, Justin Lawler wrote:
Hi,
We have had to put in a number of URLs to the squid bypass
icap_service service_1 reqmod_precache 0 icap://127.0.0.1:1344/reqmod
icap_class class_1 service_1
acl bypassIcapRequestURLregex urlpath_regex "./squid-3/etc/byPass_ICAP_request_URLregex.properties"
icap_access class_1 deny bypassIcapRequestURLregex
When we added 4 regular expressions to this file, we started to see the CPU usage going up quite a bit, and we started to see the number of established connections from squid to ICAP server double or triple.
Is this a known issue? Is there a better/more efficient way to bypass ICAP than above?
Other than using other ACL types, no.
Regular expressions were very simple, just matching end of URLs.
a) regex is a bit slow. Did you remember to anchor the ends? and
manually aggregate the patterns? avoid extended-regex pattern tricks?
b) URLs can be many KB in length. That can make URL regex very CPU
intensive.
d) routing selection ACLs are run multiple times per request.
You can turn on access control debugging (level 28,3) to see how many
times those are run and how long they take each test.
We're running squid 3.0.15 on Solaris 10.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10
